Vulnerabilities

 5 via 43 paths

Dependencies

 101

Source

 GitHub

Commit

 25404c74

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 5
  • 4
Severity
  • 5
  • 4
Status
  • 9
  • 0
  • 0

high severity

Uncontrolled Recursion

  • Vulnerable module: commons-lang:commons-lang
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity@1.7 commons-lang:commons-lang@2.4
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 org.apache.velocity:velocity@1.7 commons-lang:commons-lang@2.4
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.codehaus.plexus:plexus-velocity@1.2 org.apache.velocity:velocity@1.7 commons-lang:commons-lang@2.4

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

There is no fixed version for commons-lang:commons-lang.

References

Uncontrolled Recursion vulnerability report

high severity

Uncontrolled Recursion

  • Vulnerable module: org.apache.commons:commons-lang3
  • Introduced through: org.apache.maven.doxia:doxia-core@1.12.0, com.github.gantsign.maven.doxia:doxia-sink-api-ktx@1.6.0 and others

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-text@1.3 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.github.gantsign.maven.doxia:doxia-sink-api-ktx@1.6.0 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.maven:maven-plugin-api@3.9.8.
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.maven:maven-plugin-api@3.6.0.
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.github.gantsign.maven.doxia:doxia-sink-api-ktx@1.6.0 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-text@1.3 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-text@1.3 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-builder-support@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-settings-builder@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.maven.doxia:doxia-core@1.12.0 org.apache.commons:commons-text@1.3 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-builder-support@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-settings-builder@3.5.4 org.apache.maven:maven-builder-support@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-plugin-api@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-artifact@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-builder-support@3.5.4 org.apache.commons:commons-lang3@3.17.0
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-resolver-provider@3.5.4 org.apache.maven:maven-model-builder@3.5.4 org.apache.maven:maven-model@3.5.4 org.apache.commons:commons-lang3@3.17.0

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

References

Uncontrolled Recursion vulnerability report

high severity

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

  • Vulnerable module: commons-beanutils:commons-beanutils
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 commons-beanutils:commons-beanutils@1.10.1
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 commons-digester:commons-digester@2.1 commons-beanutils:commons-beanutils@1.10.1
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 commons-chain:commons-chain@1.1 commons-beanutils:commons-beanutils@1.10.1
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 commons-chain:commons-chain@1.1 commons-digester:commons-digester@2.1 commons-beanutils:commons-beanutils@1.10.1

Overview

commons-beanutils:commons-beanutils is a provides an easy-to-use but flexible wrapper around reflection and introspection.

Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the getProperty and getNestedProperty methods of the PropertyUtilsBean class. An attacker can execute arbitrary code by accessing the declaredClass property of Java enum objects, which allows access to the ClassLoader.

Note:

The BeanIntrospector class that can mitigate this vulnerability was added in version 1.9.2 but its usage was not enabled by default.

Remediation

Upgrade commons-beanutils:commons-beanutils to version 1.11.0 or higher.

References

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability report

high severity

Arbitrary Code Execution

  • Vulnerable module: org.apache.velocity:velocity
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity@1.7
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.apache.velocity:velocity-tools@2.0 org.apache.velocity:velocity@1.7
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven.doxia:doxia-site-renderer@1.11.1 org.codehaus.plexus:plexus-velocity@1.2 org.apache.velocity:velocity@1.7

Overview

org.apache.velocity:velocity is a None

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine.

Note Users of org.apache.velocity:velocity should update to org.apache.velocity:velocity-engine-core version 2.3 to mitigate this vulnerability.

Remediation

There is no fixed version for org.apache.velocity:velocity.

References

Arbitrary Code Execution vulnerability report

high severity

Resources Downloaded over Insecure Protocol

  • Vulnerable module: org.apache.maven:maven-core
  • Introduced through: org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4

Overview

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls.

If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. For more information about repository management, visit this page.

Remediation

Upgrade org.apache.maven:maven-core to version 3.8.1 or higher.

References

Resources Downloaded over Insecure Protocol vulnerability report

medium severity

EPL-1.0 license

  • Module: junit:junit
  • Introduced through: junit:junit@4.13.2, org.apache.maven.doxia:doxia-core@1.12.0 and others

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd junit:junit@4.13.2
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-core@1.12.0 org.codehaus.plexus:plexus-container-default@2.1.1 junit:junit@4.13.2
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-sink-api@1.12.0 org.apache.maven.doxia:doxia-logging-api@1.12.0 org.codehaus.plexus:plexus-container-default@2.1.1 junit:junit@4.13.2
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-core@1.12.0 org.apache.maven.doxia:doxia-logging-api@1.12.0 org.codehaus.plexus:plexus-container-default@2.1.1 junit:junit@4.13.2
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.doxia:doxia-core@1.12.0 org.apache.maven.doxia:doxia-sink-api@1.12.0 org.apache.maven.doxia:doxia-logging-api@1.12.0 org.codehaus.plexus:plexus-container-default@2.1.1 junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

EPL-1.0 license

  • Module: org.eclipse.sisu:org.eclipse.sisu.inject
  • Introduced through: org.apache.maven:maven-plugin-api@3.5.4 and org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3 org.eclipse.sisu:org.eclipse.sisu.inject@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.eclipse.sisu:org.eclipse.sisu.inject@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3 org.eclipse.sisu:org.eclipse.sisu.inject@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3 org.eclipse.sisu:org.eclipse.sisu.inject@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3 org.eclipse.sisu:org.eclipse.sisu.inject@0.3.3

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

EPL-1.0 license

  • Module: org.eclipse.sisu:org.eclipse.sisu.plexus
  • Introduced through: org.apache.maven:maven-plugin-api@3.5.4 and org.apache.maven.reporting:maven-reporting-impl@3.1.0

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd org.apache.maven.reporting:maven-reporting-impl@3.1.0 org.apache.maven:maven-core@3.5.4 org.apache.maven:maven-plugin-api@3.5.4 org.eclipse.sisu:org.eclipse.sisu.plexus@0.3.3

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.jetbrains.intellij.deps:trove4j
  • Introduced through: com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0, com.pinterest.ktlint:ktlint-rule-engine@1.5.0 and others

Detailed paths

  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-rule-engine@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-cli-reporter-baseline@1.5.0 com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-cli-ruleset-core@1.5.0 com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-rule-engine@1.5.0 com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-ruleset-standard@1.5.0 com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330
  • Introduced through: gantsign/ktlint-maven-plugin@gantsign/ktlint-maven-plugin#25404c74d18dfe1c037f487d5eb15bb1b5216cbd com.pinterest.ktlint:ktlint-ruleset-standard@1.5.0 com.pinterest.ktlint:ktlint-cli-ruleset-core@1.5.0 com.pinterest.ktlint:ktlint-rule-engine-core@1.5.0 org.jetbrains.kotlin:kotlin-compiler-embeddable@2.1.0 org.jetbrains.intellij.deps:trove4j@1.0.20200330

LGPL-2.1 license

LGPL-2.1 license vulnerability report